CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2025-59131 Cross-Site Request Forgery (CSRF) vulnerability in Hoernerfranz WP-CalDav2ICS allows Stored XSS.This issue affects WP-CalDav2ICS: from n/a through 1.3.4. | 7.1 | HIGH | β | 0 |
| CVE-2025-49346 Cross-Site Request Forgery (CSRF) vulnerability in Peter Sterling Simple Archive Generator allows Stored XSS.This issue affects Simple Archive Generator: from n/a through 5.2. | 7.1 | HIGH | β | 0 |
| CVE-2025-59137 Cross-Site Request Forgery (CSRF) vulnerability in eLEOPARD Behance Portfolio Manager allows Stored XSS.This issue affects Behance Portfolio Manager: from n/a through 1.7.5. | 7.1 | HIGH | β | 0 |
| CVE-2025-49342 Cross-Site Request Forgery (CSRF) vulnerability in Wolfgang HΓ€felinger Custom Style allows Stored XSS.This issue affects Custom Style: from n/a through 1.0. | 7.1 | HIGH | β | 0 |
| CVE-2025-49343 Cross-Site Request Forgery (CSRF) vulnerability in Socialprofilr Social Profilr allows Stored XSS.This issue affects Social Profilr: from n/a through 1.0. | 7.1 | HIGH | β | 0 |
| CVE-2025-49344 Cross-Site Request Forgery (CSRF) vulnerability in Rene Ade SensitiveTagCloud allows Stored XSS.This issue affects SensitiveTagCloud: from n/a through 1.4.1. | 7.1 | HIGH | β | 0 |
| CVE-2025-49345 Cross-Site Request Forgery (CSRF) vulnerability in mg12 WP-EasyArchives allows Stored XSS.This issue affects WP-EasyArchives: from n/a through 3.1.2. | 7.1 | HIGH | β | 0 |
| CVE-2021-47766 Kmaleon 1.1.0.205 contains an authenticated SQL injection vulnerability in the 'tipocomb' parameter of kmaleonW.php that allows attackers to manipulate database queries. Attackers can exploit this vul... | 7.1 | HIGH | β | 0 |
| CVE-2025-49354 Cross-Site Request Forgery (CSRF) vulnerability in Mindstien Technologies Recent Posts From Each Category allows Stored XSS.This issue affects Recent Posts From Each Category: from n/a through 1.4. | 7.1 | HIGH | β | 0 |
| CVE-2026-21447 Bagisto is an open source laravel eCommerce platform. Prior to version 2.3.10, an Insecure Direct Object Reference vulnerability in the customer order reorder function allows any authenticated custome... | 7.1 | HIGH | β | 0 |
| CVE-2026-22467 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mwtemplates DeepDigital deepdigital allows Reflected XSS.This issue affects DeepDigital: from n/a ... | 7.1 | HIGH | β | 0 |
| CVE-2025-68885 Cross-Site Request Forgery (CSRF) vulnerability in Page Carbajal Custom Post Status allows Stored XSS.This issue affects Custom Post Status: from n/a through 1.1.0. | 7.1 | HIGH | β | 0 |
| CVE-2025-49028 Cross-Site Request Forgery (CSRF) vulnerability in Zoho Mail Zoho ZeptoMail allows Stored XSS.This issue affects Zoho ZeptoMail: from n/a through 3.3.1. | 7.1 | HIGH | β | 0 |
| CVE-2026-24046 Backstage is an open framework for building developer portals. Multiple Scaffolder actions and archive extraction utilities were vulnerable to symlink-based path traversal attacks. An attacker with ac... | 7.1 | HIGH | β | 0 |
| CVE-2025-68859 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in agmorpheus Syntax Highlighter Compress syntax-highlighter-compress allows Reflected XSS.This issue... | 7.1 | HIGH | β | 0 |
| CVE-2025-67949 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in designingmedia Hostiko hostiko allows Reflected XSS.This issue affects Hostiko: from n/a through <... | 7.1 | HIGH | β | 0 |
| CVE-2025-69102 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Boopathi Rajan WP Test Email wp-test-email allows Reflected XSS.This issue affects WP Test Email: ... | 7.1 | HIGH | β | 0 |
| CVE-2025-67952 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Grand Tour grandtour allows Reflected XSS.This issue affects Grand Tour: from n/a throu... | 7.1 | HIGH | β | 0 |
| CVE-2025-68008 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mndpsingh287 WP Mail wp-mail allows Reflected XSS.This issue affects WP Mail: from n/a through <= ... | 7.1 | HIGH | β | 0 |
| CVE-2025-68004 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kapil Chugh My Post Order my-posts-order allows Reflected XSS.This issue affects My Post Order: fr... | 7.1 | HIGH | β | 0 |
| CVE-2025-68904 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jegtheme JNews - Frontend Submit jnews-frontend-submit allows Reflected XSS.This issue affects JNe... | 7.1 | HIGH | β | 0 |
| CVE-2025-68873 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in chloΓ©digital PRIMER by chloΓ©digital primer-by-chloedigital allows Reflected XSS.This issue affects... | 7.1 | HIGH | β | 0 |
| CVE-2025-69318 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hossni Mubarak JobWP jobwp allows Stored XSS.This issue affects JobWP: from n/a through <= 2.4.5. | 7.1 | HIGH | β | 0 |
| CVE-2025-68838 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in expresstechsoftware MemberPress Discord Addon expresstechsoftwares-memberpress-discord-add-on allo... | 7.1 | HIGH | β | 0 |
| CVE-2025-68906 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jegtheme JNews - Video jnews-video allows Reflected XSS.This issue affects JNews - Video: from n/a... | 7.1 | HIGH | β | 0 |
| CVE-2025-68518 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Hoteller hoteller allows Reflected XSS.This issue affects Hoteller: from n/a through < ... | 7.1 | HIGH | β | 0 |
| CVE-2025-14316 The AhaChat Messenger Marketing WordPress plugin through 1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be ... | 7.1 | HIGH | β | 0 |
| CVE-2026-23843 teklifolustur_app is a web-based PHP application that allows users to create, manage, and track quotes for their clients. Prior to commit dd082a134a225b8dcd401b6224eead4fb183ea1c, an Insecure Direct O... | 7.1 | HIGH | β | 0 |
| CVE-2025-67230 Improper permissions in the handler for the Custom URL Scheme in ToDesktop Builder v0.33.0 allows attackers with renderer-context access to invoke external protocol handlers without sufficient validat... | 7.1 | HIGH | β | 0 |
| CVE-2025-69320 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Grand Magazine grandmagazine allows Reflected XSS.This issue affects Grand Magazine: fr... | 7.1 | HIGH | β | 0 |
| CVE-2025-69003 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QantumThemes KenthaRadio qt-kentharadio allows Reflected XSS.This issue affects KenthaRadio: from ... | 7.1 | HIGH | β | 0 |
| CVE-2025-69321 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Grand Spa grandspa allows Reflected XSS.This issue affects Grand Spa: from n/a through ... | 7.1 | HIGH | β | 0 |
| CVE-2026-0533 A maliciously crafted HTML payload in a design name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Au... | 7.1 | HIGH | β | 0 |
| CVE-2025-68839 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Remi Corson Easy Theme Options easy-theme-options allows Reflected XSS.This issue affects Easy The... | 7.1 | HIGH | β | 0 |
| CVE-2026-24403 iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. In versions 2.3.1.1 and below, an integer overflow vulnerability exists in icValidat... | 7.1 | HIGH | β | 0 |
| CVE-2026-24404 iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. In versions 2.3.1.1 and below, CIccXmlArrayType() contains a Null Pointer Dereferenc... | 7.1 | HIGH | β | 0 |
| CVE-2026-24407 iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have Undefined Behavior in icSigCalcOp(). This occurs whe... | 7.1 | HIGH | β | 0 |
| CVE-2026-0534 A maliciously crafted HTML payload, stored in a partβs attribute and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A mali... | 7.1 | HIGH | β | 0 |
| CVE-2025-69056 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in e-plugins Hotel Listing hotel-listing allows Reflected XSS.This issue affects Hotel Listing: from ... | 7.1 | HIGH | β | 0 |
| CVE-2025-69054 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in highwarden Super Logos Showcase superlogoshowcase-wp allows Reflected XSS.This issue affects Super... | 7.1 | HIGH | β | 0 |
| CVE-2025-69053 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Universal Video Player universal-video-player allows Reflected XSS.This issue affects... | 7.1 | HIGH | β | 0 |
| CVE-2026-24409 iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have Undefined Behavior and Null Pointer Deference in CIc... | 7.1 | HIGH | β | 0 |
| CVE-2025-68012 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dmytro Shteflyuk CodeColorer codecolorer allows Stored XSS.This issue affects CodeColorer: from n/... | 7.1 | HIGH | β | 0 |
| CVE-2025-69051 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CridioStudio ListingPro Reviews listingpro-reviews allows Reflected XSS.This issue affects Listing... | 7.1 | HIGH | β | 0 |
| CVE-2026-24410 iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have Undefined Behavior and Null Pointer Deference in CIc... | 7.1 | HIGH | β | 0 |
| CVE-2026-22444 The "create core" API of Apache Solr 8.6 through 9.10.0 lacks sufficient input validation on some API parameters, which can cause Solr to check the existence of and attempt to read file-system paths t... | 7.1 | HIGH | β | 0 |
| CVE-2026-0535 A maliciously crafted HTML payload, stored in a componentβs description and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application.... | 7.1 | HIGH | β | 0 |
| CVE-2025-68871 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in noCreativity Dooodl dooodl allows Reflected XSS.This issue affects Dooodl: from n/a through <= 2.3... | 7.1 | HIGH | β | 0 |
| CVE-2025-67964 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in favethemes Homey Core homey-core allows Reflected XSS.This issue affects Homey Core: from n/a thro... | 7.1 | HIGH | β | 0 |
| CVE-2026-21986 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows unaut... | 7.1 | HIGH | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.